The number of malware infections containing a cryptominer has fallen by at least 78 percent in Southeast Asia after a major operation by Interpol. Police forces in several countries tracked down infected devices and notified victims of the hacks.
The sharp drop followed what Interpol calls Operation Goldfish Alpha, in which Interpol worked with police forces in Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Over nine months, the operation mapped where infected routers were located in those countries. It specifically concerned MikroTik routers, which contain a known vulnerability. At least 20,000 routers were found running a cryptominer. According to Interpol, that number accounted for 18 percent of all infected routers worldwide.
Police forces worked together to locate the routers and then alert the victims. They also sent security updates for the routers to the victims so that those devices could no longer be included in the botnet. In this way, Interpol was able to reduce the number of infected routers by 78 percent. Police say they are still investigating and cleaning up the routers.
Interpol partnered with private security firms, most notably Trend Micro and the Cyber Defense Institute. They supported the operation with information and analysis about cryptojacking. In cryptojacking, a cryptominer is placed on a computer or IoT device, where it mines cryptocurrencies. With large numbers of devices, criminals can earn a lot of money this way, especially if they manage to infect corporate networks.
According to Interpol, cryptojacking is a crime that the police often know little about. “Operation Goldfish Alpha is also aimed at acquiring more knowledge about cryptojacking, such as how to recognize and prevent it,” writes Craig Jones, director of Interpol’s cybercrime unit.